The 125kHz proximity card — unchanged in fundamental technology since the 1990s — can be cloned in under five seconds with a device that costs less than ₹2,500. MIFARE Classic cards, deployed across millions of doors in Indian corporate offices and residential complexes, carry documented cryptographic vulnerabilities that were published in 2008 and have never been patched. The physical access card as the primary enterprise credential is a security anachronism.

Mobile credentials on NFC and BLE change the threat model entirely. The credential lives in the phone's Secure Enclave or Trusted Execution Environment — hardware-isolated from the operating system, encrypted with AES-256, and bound to the specific device's hardware root of trust. It cannot be copied, exported, photographed, or cloned. It can be revoked from the cloud in under 30 seconds, from anywhere, the moment an employee leaves the organisation. And with Bluetooth BLE Twist and Go, it presents itself automatically as the user approaches the reader — without touching the reader, unlocking the phone, or removing anything from a pocket.

Mobile credential adoption in enterprise access control grew 340% between 2020–2025, with 68% of new enterprise access control deployments in 2025 specifying mobile-only or mobile-first credential strategies. HID Global State of Physical Security Report, 2025.

Mobile Credential Platform Comparison

PlatformProtocolReader CompatibilityTwist & Go / Hands-FreeMulti-DeviceIndia Available
HID Mobile Access (Origo)NFC + BLE 5.xHID Signo, iCLASS SEYes — BLE Twist and GoYes (phone + watch)Yes (HID India)
ASSA ABLOY SeosNFC + BLEABLOY Aperio, CLIQYes — BLE Hands-FreeYesYes (distributor)
Allegion EngageBLE + NFCSchlage BLE readersYes — BLE Auto-unlockYesLimited
Apple Wallet HomeKeyNFC + UWBASSA ABLOY, Allegion, DormakabaYes — UWB PrecisioniPhone + Apple WatchiOS 15+
Samsung Wallet PassNFC + BLEPartner readersLimitedPhone + WatchGalaxy S21+
Google Wallet PassNFCNFC readers (standard)No hands-freeAndroid 6.0+Yes (Android)

Technical Design: Mobile Credential Architecture

  • NFC protocol (ISO/IEC 14443 Type A/B, 13.56 MHz): Operates at up to 10cm range; requires phone near reader; works even with critically low battery on iPhone (Power Reserve NFC); sub-100ms transaction time — identical user gesture to contactless card
  • BLE Twist and Go: Wrist rotation gesture detected by phone accelerometer triggers credential broadcast at 3–5m range; user approaches reader, door unlocks before they reach it — no phone interaction required; ideal for hands-full scenarios
  • ASSA ABLOY Seos encryption: AES-256 credential storage in Secure Enclave/TEE; ECDH session key per transaction — prevents relay and replay attacks that defeated earlier BLE access systems
  • HID Origo cloud platform: Credential provisioning via email invitation; revocation <30 seconds; REST API for HR system integration (Workday, SAP); audit log export for ISO 27001 evidence
  • Apple Wallet HomeKey (Matter protocol): iOS 15+ native — no separate vendor app; UWB precise ranging (sub-30cm) for hands-free; credential stored in Secure Enclave; works offline at reader
  • OSDP v2 reader-to-panel: HID Signo readers use IEC 60839-11-5 OSDP v2 with AES-128 — encrypted from mobile credential in phone through to access panel; replaces insecure Wiegand for new installations
  • India compatibility: Android 6.0+ (NFC + BLE) and iOS 13+ (NFC + BLE) — covers 95%+ of active enterprise smartphones in India; no MDM enrollment required for credential app installation

Mobile Credential Access Design

ASDV Consultant designs mobile credential access control systems for enterprise campuses, corporate offices, and data centres across India

Design My System
Future Outlook: 2028–2032

Passive UWB Credentials: No App, No Tap, No Gesture

Ultra-Wideband (UWB) chip integration in all premium smartphones enables centimetre-accurate indoor positioning that will drive the next generation of access control: completely passive access where the building recognises the authorised person as they walk through a corridor and unlocks the door ahead of them — no tap, no twist, no gesture, no interaction. Combined with continuous ambient authentication (gait + phone position), the single-event door credential will be replaced by a continuous presence-based access model where physical space responds to identity rather than identity responding to physical space.

Frequently Asked Questions

NFC operates at up to 10cm and requires the phone near the reader — fast (sub-100ms), works with low battery, similar gesture to card tap. BLE operates at up to 5 metres and enables Twist and Go hands-free access — the credential presents automatically on a wrist rotation gesture without touching the reader or unlocking the phone. Enterprise readers like HID Signo support both simultaneously, giving users the choice of tap or hands-free depending on scenario.
iPhone 13+ and newer Samsung Galaxy devices support Power Reserve NFC — the credential remains available via NFC for several hours even after the phone is fully depleted. BLE Twist and Go requires power and is unavailable when the battery is dead. For mission-critical sites, ASDV recommends maintaining a small stock of emergency temporary cards as a battery-dead fallback. HID Express Mode on iOS enables credential use without Face ID authentication and with minimal remaining battery.
Revocation from HID Origo or ASSA ABLOY Seos cloud console marks the credential invalid in under 30 seconds. The next credential app check-in (triggered by a silent push notification) deletes the credential from the device secure element. This is fundamentally more reliable than physical card revocation, which requires the employee to hand back the card — a step that frequently fails when employees are terminated.